<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="description" content="Home page of The Apache Software Foundation">
  <link rel="apple-touch-icon" sizes="57x57" href="http://www.apache.org/favicons/apple-touch-icon-57x57.png">
  <link rel="apple-touch-icon" sizes="60x60" href="http://www.apache.org/favicons/apple-touch-icon-60x60.png">
  <link rel="apple-touch-icon" sizes="72x72" href="http://www.apache.org/favicons/apple-touch-icon-72x72.png">
  <link rel="apple-touch-icon" sizes="76x76" href="http://www.apache.org/favicons/apple-touch-icon-76x76.png">
  <link rel="apple-touch-icon" sizes="114x114" href="http://www.apache.org/favicons/apple-touch-icon-114x114.png">
  <link rel="apple-touch-icon" sizes="120x120" href="http://www.apache.org/favicons/apple-touch-icon-120x120.png">
  <link rel="apple-touch-icon" sizes="144x144" href="http://www.apache.org/favicons/apple-touch-icon-144x144.png">
  <link rel="apple-touch-icon" sizes="152x152" href="http://www.apache.org/favicons/apple-touch-icon-152x152.png">
  <link rel="apple-touch-icon" sizes="180x180" href="http://www.apache.org/favicons/apple-touch-icon-180x180.png">
  <link rel="icon" type="image/png" href="http://www.apache.org/favicons/favicon-32x32.png" sizes="32x32">
  <link rel="icon" type="image/png" href="http://www.apache.org/favicons/favicon-194x194.png" sizes="194x194">
  <link rel="icon" type="image/png" href="http://www.apache.org/favicons/favicon-96x96.png" sizes="96x96">
  <link rel="icon" type="image/png" href="http://www.apache.org/favicons/android-chrome-192x192.png" sizes="192x192">
  <link rel="icon" type="image/png" href="http://www.apache.org/favicons/favicon-16x16.png" sizes="16x16">
  <link rel="manifest" href="http://www.apache.org/favicons/manifest.json">
  <link rel="shortcut icon" href="http://www.apache.org/favicons/favicon.ico">
  <meta name="msapplication-TileColor" content="#603cba">
  <meta name="msapplication-TileImage" content="/favicons/mstile-144x144.png">
  <meta name="msapplication-config" content="/favicons/browserconfig.xml">
  <meta name="theme-color" content="#282661">

  <title>ASF Security Team</title>
  <link href="https://fonts.googleapis.com/css?family=Montserrat:300,600" rel="stylesheet">
  <link href="http://www.apache.org/css/min.bootstrap.css" rel="stylesheet">
  <link href="http://www.apache.org/css/styles.css" rel="stylesheet">
  <style>
.headerlink {
  visibility: hidden;
}
dt:hover > .headerlink, p:hover > .headerlink, td:hover > .headerlink, h1:hover > .headerlink, h2:hover > .headerlink, h3:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, h6:hover > .headerlink {
  visibility: visible
}  </style>

<!-- https://www.apache.org/licenses/LICENSE-2.0 -->
</head>

<body >
  <!-- Navigation -->
  <header>
	<div id="skiptocontent">
		<a href="security.html#maincontent">Skip to Main Content</a>
	</div>
    <nav class="navbar navbar-inverse navbar-fixed-top mainmenu">
      <div class="container">
        <div class="navbar-header">
          <button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#mainnav-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
        </div>
        <div class="collapse navbar-collapse" id="mainnav-collapse">
          <ul class="nav navbar-nav navbar-justified">
            <li>
              <form class="visible-xs">
                <div class="input-group" style="width: 100%;">
                  <script>
                    (function() {
                    var cx = '005703438322411770421:5mgshgrgx2u';
                    var gcse = document.createElement('script');
                    gcse.type = 'text/javascript';
                    gcse.async = true;
                    gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
                    '//cse.google.com/cse.js?cx=' + cx;
                    var s = document.getElementsByTagName('script')[0];
                    s.parentNode.insertBefore(gcse, s);
                    })();
                  </script>
                  <gcse:searchbox-only></gcse:searchbox-only>
                </div>
              </form>
            </li>
            <li><a href="http://www.apache.org/index.html#news">News</a></li>
            <li class="dropdown">
              <a href="security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">About&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu" role="menu">
                <li><a href="http://www.apache.org/foundation">Overview</a></li>
                <li><a href="http://www.apache.org/foundation/how-it-works.html">Process</a></li>
                <li><a href="http://www.apache.org/foundation/governance/">Governance</a></li>
                <li><a href="http://www.apache.org/theapacheway/index.html">The Apache Way</a></li>
                <li><a href="http://www.apache.org/foundation/governance/members.html">Membership</a></li>
                <li><a href="https://community.apache.org/">Community</a></li>
                <li><a href="https://diversity.apache.org/">Diversity & Inclusion</a></li>
                <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
                <li><a href="http://www.apache.org/foundation/glossary.html">Glossary</a></li>
				  <li><a href="http://www.apache.org/apache-name">About Our Name</a></li>
                <li><a href="http://www.apache.org/foundation/preFAQ.html">FAQ</a></li>
                <li><a href="http://www.apache.org/foundation/contributing.html">Support Apache</a></li>
                <li><a href="http://www.apache.org/press/">Media/Analysts</a></li>
                <li><a href="http://www.apache.org/foundation/contact.html">Contact</a></li>
              </ul>
            </li>
            <li class="dropdown">
              <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Make a Donation&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu" role="menu">
                <li><a href="http://www.apache.org/foundation/contributing.html">Donate Now</a></li>
                <li><a href="https://donate.apache.org/">&nbsp;&nbsp;Via Credit Card</a></li>
                <li><a href="https://donate.apache.org/">&nbsp;&nbsp;Via ACH</a></li>
                <li><a href="https://donate.apache.org/">&nbsp;&nbsp;Via PayPal</a></li>
                <li><a href="https://www.redbubble.com/people/comdev">Buy Swag</a></li>
                <li><a href="https://smile.amazon.com/gp/chpf/homepage/ref=smi_se_scyc_srch_stsr?q=apache+software+foundation&orig=%2F">Shop smile.amazon.com</a></li>
                <li><a href="http://www.apache.org/foundation/sponsorship.html">ASF Sponsorship</a></li>
                <li><a href="http://www.apache.org/foundation/thanks#targeted-sponsors">Targeted Sponsorship</a></li>
                <li><a href="http://www.apache.org/foundation/contributing.html#CorporateGiving">Corporate Giving</a></li>
              </ul>
            </li>
            <li class="dropdown">
              <a href="http://www.apache.org/security/security.html#" class="dropdopwn-toggle" data-toggle="dropdown">The Apache Way&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu" role="menu">
                <li><a href="http://www.apache.org/theapacheway/index.html">The Apache Way</a></li>
                <li><a href="https://s.apache.org/GhnI">Sustainable Open Source</a></li>
                <li><a href="http://www.apache.org/foundation/how-it-works.html">How it Works</a></li>
                <li><a href="http://www.apache.org/foundation/how-it-works.html#meritocracy">Merit</a></li>
                <li><a href="https://blogs.apache.org/foundation/category/SuccessAtApache">Success at Apache</a></li>
              </ul>
            </li>
            <li class="dropdown">
              <a href="http://www.apache.org/security/security.html#" class="dropdopwn-toggle" data-toggle="dropdown">Join Us&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu" role="menu">
                <li><a href="https://community.apache.org/gettingStarted/101.html">Getting Started</a></li>
                <li><a href="https://helpwanted.apache.org/">Help Wanted</a></li>
                <li><a href="https://www.apachecon.com/">ApacheCon</a></li>
                <li><a href="http://community.apache.org/calendars/">Community Events</a></li>
                <li><a href="http://www.apache.org/travel/">Travel Assistance</a></li>
                <li><a href="https://community.apache.org/gsoc.html">Summer of Code</a></li>
                <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
                <li><a href="https://community.apache.org/contributors/etiquette">Etiquette</a></li>
                <li class="dropdown dropdown-submenu visible-xs">
                  <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Projects&nbsp;<span class="caret"></span></a>
                  <ul class="dropdown-menu" role="menu">
                    <li><a href="http://www.apache.org/index.html#projects-list">Project List</a></li>
                    <li><a href="http://www.apache.org/foundation/how-it-works.html#management">How they work</a></li>
                    <li><a href="https://community.apache.org/projectIndependence.html">Independence</a></li>
                    <li><a href="https://projects.apache.org/committees.html?date">Date Founded</a></li>
                    <li><a href="https://projects.apache.org/projects.html?name">Names</a></li>
                    <li><a href="https://projects.apache.org/projects.html?category">Categories</a></li>
                    <li><a href="https://projects.apache.org/projects.html?language">Languages</a></li>
                    <li><a href="https://projects.apache.org/statistics.html">Statistics</a></li>
                    <li><a href="https://incubator.apache.org/">Apache Incubator</a></li>
                    <li><a href="https://helpwanted.apache.org/">Help Wanted</a></li>
                    <li><a href="http://www.apache.org/foundation/marks/">Brand Management</a></li>
                  </ul>
                </li>
                <li class="drowpdown dropdown-submenu visible-xs">
                  <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">People&nbsp;<span class="caret"></span></a>
                  <ul class="dropdown-menu" role="menu">
                    <li><a href="http://www.apache.org/foundation/how-it-works.html#roles">Roles</a></li>
                    <li><a href="http://www.apache.org/foundation/members.html">Members</a></li>
                    <li><a href="https://community.apache.org/contributors/">Committers</a></li>
                    <li><a href="http://www.apache.org/foundation/#who-runs-the-asf">Board of Directors</a></li>
                    <li><a href="http://www.apache.org/foundation/#who-runs-the-asf">Officers  &amp; Project VPs</a></li>
                    <li><a href="https://community.zones.apache.org/map.html">Location Map</a></li>
                    <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
                    <li><a href="https://people.apache.org/">Committer Directory</a></li>
                  </ul>
                </li>
                <li class="drowpdown dropdown-submenu visible-xs">
                  <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Community&nbsp;<span class="caret"></span></a>
                  <ul class="dropdown-menu" role="menu">
                    <li><a href="https://community.apache.org/about/">Community Development</a></li>
                    <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
                    <li><a href="https://community.apache.org/">Get Involved</a></li>
                    <li><a href="https://community.apache.org/mentoringprogramme.html">Mentoring</a></li>
                    <li><a href="https://helpwanted.apache.org/">Help Wanted</a></li>
                    <li><a href="https://community.apache.org/calendars/">Community Events</a></li>
                    <li><a href="https://community.apache.org/newbiefaq.html">FAQ</a></li>
                    <li><a href="https://community.apache.org/lists.html">Mailing Lists</a></li>
                  </ul>
                </li>
                <li class="drowpdown dropdown-submenu visible-xs">
                  <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">License&nbsp;<span class="caret"></span></a>
                  <ul class="dropdown-menu" role="menu">
                    <li><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a></li>
                    <li><a href="http://www.apache.org/foundation/license-faq.html">Licensing FAQ</a></li>
                    <li><a href="http://www.apache.org/licenses/contributor-agreements.html">Contributor License Agreements</a></li>
                    <li><a href="http://www.apache.org/licenses/contributor-agreements.html#grants">Software Grants</a></li>
                    <li><a href="http://www.apache.org/foundation/marks/list/">Trademarks</a></li>
					<li><a href="http://www.apache.org/licenses/exports/">Exports</a></li>
                  </ul>
                </li>
                <li class="drowpdown dropdown-submenu visible-xs">
                  <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Sponsors&nbsp;<span class="caret"></span></a>
                  <ul class="dropdown-menu" role="menu">
                    <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsor the ASF</a></li>
                    <li><a href="http://www.apache.org/foundation/thanks">Sponsor Thanks</a></li>
                    <li><a href="http://www.apache.org/foundation/contributing.html#CorporateGiving">Corporate Giving</a></li>
                    <li><a href="http://www.apache.org/foundation/contributing.html">Individual Donations</a></li>
                    <li><a href="https://www.redbubble.com/people/comdev/">Buy Stuff</a></li>
                  </ul>
                </li>
              </ul>
            </li>
            <li class="dropdown">
              <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Downloads&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu" role="menu">
                <li><a href="https://downloads.apache.org/">Distribution</a></li>
                <li><a href="https://projects.apache.org/releases.html">Releases</a></li>
                <li><a href="https://status.apache.org/">Infrastructure Status</a></li>
                <li><a href="http://www.apache.org/uptime/">Infrastructure Statistics</a></li>
              </ul>
            </li>
            <li class="dropdown hidden-xs">
              <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button"><span class="glyphicon glyphicon-search"
                  aria-hidden="true"></span><span class="sr-only">Search</span></a>
              <ul class="dropdown-menu search-form" role="search">
                <li>
                  <div class="input-group" style="width: 100%; padding: 0 5px;">
                    <script async src="https://cse.google.com/cse.js?cx=cb41d2753d228d8b7"></script>
                    <div class="gcse-search"></div>
                  </div>
                </li>
              </ul>
            </li>
          </ul>
        </div>
      </div>
    </nav>
  </header>
  <!-- / Navigation -->
  <header id="main-header" class="container">
    <div class="sideImg">
	  <!-- <a class="visible-home" href="https://events.apache.org/"><img class="img-responsive" style="width: 100%;" src="/events/current-event-125x125.png" alt="Apache Events"></a> -->
          <a class="visible-home" href="https://events.apache.org/x/current-event.html">
              <img class="img-responsive" style="width: 125px;" src="https://www.apachecon.com/event-images/default-square-light.png" alt="ApacheCon 2021 Coming Soon!" />
          </a>
      <a class="hidden-home" href="http://www.apache.org/"><img class="img-responsive" src="http://www.apache.org/img/asf-estd-1999-logo.jpg" alt="The Apache Software Foundation"></a>
    </div>
    <div class="main">
      <img class="img-responsive center-block visible-home" src="http://www.apache.org/img/asf-estd-1999-logo.jpg" alt="Apache 20th Anniversary Logo">
      <h2 class="text-center">Community-led development "The&nbsp;Apache&nbsp;Way"</h2>
      <ul class="nav navbar-nav navbar-justified">
        <li class="drowpdown">
          <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Projects&nbsp;<span class="caret hidden-sm"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="http://www.apache.org/index.html#projects-list">Project List</a></li>
            <li><a href="http://www.apache.org/foundation/how-it-works.html#management">How they work</a></li>
            <li><a href="https://community.apache.org/projectIndependence.html">Independence</a></li>
            <li><a href="https://projects.apache.org/committees.html?date">Date Founded</a></li>
            <li><a href="https://projects.apache.org/projects.html?name">Names</a></li>
            <li><a href="https://projects.apache.org/projects.html?category">Categories</a></li>
            <li><a href="https://projects.apache.org/projects.html?language">Languages</a></li>
            <li><a href="https://projects.apache.org/statistics.html">Statistics</a></li>
            <li><a href="https://incubator.apache.org/">Apache Incubator</a></li>
            <li><a href="https://helpwanted.apache.org/">Help Wanted</a></li>
            <li><a href="http://www.apache.org/foundation/marks/">Brand Management</a></li>
            <li><a href="http://www.apache.org/foundation/glossary.html">Glossary of Terms</a></li>
          </ul>
        </li>
        <li class="dropdown">
          <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">People&nbsp;<span class="caret hidden-sm"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="http://www.apache.org/foundation/how-it-works.html#roles">Roles</a></li>
            <li><a href="http://www.apache.org/foundation/members.html">Members</a></li>
            <li><a href="https://community.apache.org/contributors/">Committers</a></li>
            <li><a href="http://www.apache.org/foundation/#who-runs-the-asf">Board of Directors</a></li>
            <li><a href="http://www.apache.org/foundation/#who-runs-the-asf">Officers &amp; Project VPs</a></li>
            <li><a href="https://diversity.apache.org/">Diversity & Inclusion</a></li>
            <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
            <li><a href="https://people.apache.org/">Committer Directory</a></li>
            <li><a href="https://community.zones.apache.org/map.html">Heat Map</a></li>
          </ul>
        </li>
        <li class="dropdown">
          <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Community&nbsp;<span class="caret hidden-sm"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="https://community.apache.org/about/">Community Development</a></li>
            <li><a href="http://www.apache.org/foundation/policies/conduct">Code of Conduct</a></li>
            <li><a href="https://community.apache.org/">Get Involved</a></li>
            <li><a href="https://community.apache.org/mentoringprogramme.html">Mentoring</a></li>
            <li><a href="https://helpwanted.apache.org/">Help Wanted</a></li>
            <li><a href="https://community.apache.org/calendars/">Community Events</a></li>
            <li><a href="https://community.apache.org/newbiefaq.html">FAQ</a></li>
            <li><a href="https://community.apache.org/lists.html">Mailing Lists</a></li>
          </ul>
        </li>
        <li class="dropdown">
          <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">License&nbsp;<span class="caret hidden-sm"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a></li>
            <li><a href="http://www.apache.org/foundation/license-faq.html">Licensing FAQ</a></li>
            <li><a href="http://www.apache.org/licenses/contributor-agreements.html">Contributor License Agreements</a></li>
            <li><a href="http://www.apache.org/licenses/contributor-agreements.html#grants">Software Grants</a></li>
            <li><a href="http://www.apache.org/foundation/marks/list/">Trademarks</a></li>
			<li><a href="http://www.apache.org/licenses/exports/">Exports</a></li>
          </ul>
        </li>
        <li class="dropdown">
          <a href="http://www.apache.org/security/security.html#" class="dropdown-toggle" data-toggle="dropdown" role="button">Sponsors&nbsp;<span class="caret hidden-sm"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsor the ASF</a></li>
            <li><a href="http://www.apache.org/foundation/thanks">Sponsor Thanks</a></li>
            <li><a href="http://www.apache.org/foundation/contributing.html#CorporateGiving">Corporate Giving</a></li>
            <li><a href="http://www.apache.org/foundation/contributing.html">Individual Donations</a></li>
            <li><a href="https://www.redbubble.com/people/comdev/">Buy Stuff</a></li>
          </ul>
        </li>
      </ul>
    </div>
    <div class="sideImg">
      <a href="http://www.apache.org/foundation/contributing.html"><img class="img-responsive" src="http://www.apache.org/img/support-apache.jpg" alt="Apache Support Logo" /></a>
    </div>
  </header>
  <main id="maincontent">
<div class="container">    <h2 id="the-apache-security-team">The Apache Security Team<a class="headerlink" href="http://www.apache.org/security/security.html#the-apache-security-team" title="Permalink">&para;</a></h2>
<p>The Apache Security Team provides help and advice to Apache
projects on security issues and coordinates the handling of
security vulnerabilities.</p>
<h2 id="reporting-a-vulnerability">Reporting a vulnerability<a class="headerlink" href="http://www.apache.org/security/security.html#reporting-a-vulnerability" title="Permalink">&para;</a></h2>
<p>We strongly encourage you to report potential security vulnerabilities to one of
our private security mailing lists first, before disclosing them in a
public forum.</p>
<p>A <a href="http://www.apache.org/security/projects.html">list of security contacts for Apache projects</a> is
available. If you can't find a project-specific security e-mail address and
you have an undisclosed security vulnerability to report, use
the general security address below.</p>
<p><strong>Only use the security contacts to report undisclosed security vulnerabilities in Apache projects and
manage the process of fixing such vulnerabilities. We cannot accept
regular bug reports or other security-related queries at these addresses.
We will ignore mail sent to these addresses that does not relate to an undisclosed
security problem in an Apache project.</strong></p>
<p><strong>Also note that the security team handles vulnerabilities in Apache projects,
not running ASF services. Send reports of vulnerabilities in ASF
services to <a href="mailto:root@apache.org">root@apache.org</a>.</strong></p>
<p>The general security mailing list address is:
<a href="mailto:security@apache.org">security@apache.org</a>. This is a private
mailing list.</p>
<p>Please send one plain-text email for each vulnerability you are reporting.  We may
ask you to resubmit your report if you send it as an image, movie, HTML, or
PDF attachment when you could as easily describe it with plain text.</p>
<p>You do not need to encrypt submissions, and it takes us longer to respond to encrypted reports.  There is no team key for <code>security@apache.org</code>;
instead you can use the OpenPGP keys of the
following subset of members of the Apache Security Team.
Note that this is
not a complete list of Apache Security Team members and that you should not
contact these members individually about security issues.</p>
<ul>
<li>Mark Cox - 5B25 45DA B219 95F4 088C  EFAA 36CE E4DE B00C FE33 -
<a href="https://keys.openpgp.org/search?q=5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33">keys.openpgp.org</a></li>
<li>Bill Rowe - B1B9 6F45 DFBD CCF9 7401 9235 193F 180A B55D 9977 -
<a href="https://keys.openpgp.org/search?q=B1B96F45DFBDCCF974019235193F180AB55D9977">keys.openpgp.org</a></li>
<li>Mark Thomas - A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 -
<a href="https://keys.openpgp.org/search?q=A9C5DF4D22E99998D9875A5110C01C5A2F6059E7">keys.openpgp.org</a></li>
<li>Yann Ylavic - 8935 9267 45E1 CE7E 3ED7  48F6 EC99 EE26 7EB5 F61A -
<a href="https://keys.openpgp.org/search?q=8935926745E1CE7E3ED748F6EC99EE267EB5F61A">keys.openpgp.org</a></li>
</ul>
<p>You can obtain these public keys <a href="http://www.apache.org/security/KEYS.txt">in a single file</a>.</p>
<h2 id="vulnerability-information">Vulnerability Information<a class="headerlink" href="http://www.apache.org/security/security.html#vulnerability-information" title="Permalink">&para;</a></h2>
<p>You can usually find information on known vulnerabilities for an Apache project on the project's web pages. For convenience, consult the <a href="http://www.apache.org/security/projects.html">list of
security information pages for Apache projects</a>. If you can't find the information you are looking for on the
project's web site, ask your question on the project's <code>users</code> mailing list. Don <strong>not</strong> ask the security contacts directly about about:</p>
<ul>
<li>
<p>how to configure the package securely</p>
</li>
<li>
<p>whether a published vulnerability applies to specific versions of the Apache
packages you are using</p>
</li>
<li>
<p>whether a published vulnerability applies to the configuration of the Apache
packages you are using</p>
</li>
<li>
<p>obtaining further information on a published vulnerability</p>
</li>
<li>
<p>the availability of patches and/or new releases to address a published
vulnerability</p>
</li>
</ul>
<p>The relevant project's <code>users</code> list is the place to ask such questions. The Apache Security Team and any project security
team will ignore any such questions you send directly to them.</p>
<h2 id="vulnerability-handling">Vulnerability handling<a class="headerlink" href="http://www.apache.org/security/security.html#vulnerability-handling" title="Permalink">&para;</a></h2>
<p>An overview of the vulnerability handling process is:</p>
<ul>
<li>
<p>The reporter reports the vulnerability privately to Apache.</p>
</li>
<li>
<p>The appropriate project's security team works privately with the reporter
to resolve the vulnerability.</p>
</li>
<li>
<p>The project creates a new release of the package the vulnerabilty affects to deliver its fix.</p>
</li>
<li>
<p>The project publicly announces the vulnerability and describes how to apply the fix.</p>
</li>
</ul>
<p>Committers should read a <a href="http://www.apache.org/security/committers.html">more detailed description of the process</a>. Reporters of security vulnerabilities may also find
it useful.</p>

</div>  </main>

  <!-- Footer -->
  <footer class="bg-primary">
    <div class="container">
      <div class="row">
        <br />
        <div class="col-sm-1">

        </div>
        <div class="col-sm-2">
          <h5 class="white">Community</h5>
          <ul class="list-unstyled white" role="menu">
            <li><a href="http://community.apache.org/">Overview</a></li>
            <li><a href="http://www.apache.org/foundation/conferences.html">Conferences</a></li>
            <li><a href="http://community.apache.org/gsoc.html">Summer of Code</a></li>
            <li><a href="http://community.apache.org/newcomers/">Getting Started</a></li>
            <li><a href="http://www.apache.org/foundation/how-it-works.html">The Apache Way</a></li>
            <li><a href="http://www.apache.org/travel/">Travel Assistance</a></li>
            <li><a href="http://www.apache.org/foundation/getinvolved.html">Get Involved</a></li>
            <li><a href="http://www.apache.org/foundation/policies/conduct.html">Code of Conduct</a></li>
            <li><a href="http://community.apache.org/newbiefaq.html">Community FAQ</a></li>
            <li><a href="http://www.apache.org/memorials/">Memorials</a></li>
          </ul>
        </div>

        <div class="col-sm-2">
          <h5 class="white">Innovation</h5>
          <ul class="list-unstyled white" role="menu">
            <li><a href="http://incubator.apache.org/">Incubator</a></li>
            <li><a href="http://labs.apache.org/">Labs</a></li>
            <li><a href="http://www.apache.org/licenses/">Licensing</a></li>
            <li><a href="http://www.apache.org/foundation/license-faq.html">Licensing FAQ</a></li>
            <li><a href="http://www.apache.org/foundation/marks/">Trademark Policy</a></li>
            <li><a href="http://www.apache.org/foundation/contact.html">Contacts</a></li>
          </ul>
        </div>

        <div class="col-sm-2">
          <h5 class="white">Tech Operations</h5>
          <ul class="list-unstyled white" role="menu">
            <li><a href="http://www.apache.org/dev/">Developer Information</a></li>
            <li><a href="http://www.apache.org/dev/infrastructure.html">Infrastructure</a></li>
            <li><a href="http://www.apache.org/security/security.html">Security</a></li>
            <li><a href="http://status.apache.org">Status</a></li>
            <li><a href="http://www.apache.org/foundation/contact.html">Contacts</a></li>
          </ul>
        </div>

        <div class="col-sm-2">
          <h5 class="white">Press</h5>
          <ul class="list-unstyled white" role="menu">
            <li><a href="http://www.apache.org/press/">Overview</a></li>
            <li><a href="https://blogs.apache.org/">ASF News</a></li>
            <li><a href="https://blogs.apache.org/foundation/">Announcements</a></li>
            <li><a href="https://twitter.com/TheASF">Twitter Feed</a></li>
            <li><a href="http://www.apache.org/press/#contact">Contacts</a></li>
          </ul>
        </div>

        <div class="col-sm-2">
          <h5 class="white">Legal</h5>
          <ul class="list-unstyled white" role="menu">
            <li><a href="http://www.apache.org/legal/">Legal Affairs</a></li>
            <li><a href="http://www.apache.org/legal/dmca.html">DMCA</a></li>
            <li><a href="http://www.apache.org/licenses/">Licensing</a></li>
            <li><a href="http://www.apache.org/foundation/marks/">Trademark Policy</a></li>
            <li><a href="http://www.apache.org/foundation/records/">Public Records</a></li>
            <li><a href="http://www.apache.org/foundation/policies/privacy.html">Privacy Policy</a></li>
            <li><a href="http://www.apache.org/licenses/exports/">Export Information</a></li>
            <li><a href="http://www.apache.org/foundation/license-faq.html">Licensing FAQ</a></li>
            <li><a href="http://www.apache.org/foundation/contact.html">Contacts</a></li>
          </ul>
        </div>

        <div class="col-sm-1">
        </div>

      </div>
      <hr class="col-lg-12 hr-white" />
      <div class="row">
        <div class="col-lg-12">
          <p class="text-center">Copyright &#169; 2021 The Apache Software Foundation, Licensed under the <a class="white" href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
          <p class="text-center">Apache and the Apache feather logo are trademarks of The Apache Software Foundation. </p>
        </div>
      </div>
    </div>

  </footer>

  <!-- / Footer -->

  <script src="http://www.apache.org/js/jquery-2.1.1.min.js"></script>
  <script src="http://www.apache.org/js/bootstrap.js"></script>
  <script src="http://www.apache.org/js/slideshow.js"></script>
  <script>
    (function($){
    $(document).ready(function(){
    $('ul.dropdown-menu [data-toggle=dropdown]').on('click', function(event) {
    event.preventDefault();
    event.stopPropagation();
    $(this).parent().siblings().removeClass('open');
    $(this).parent().toggleClass('open');
    console.log('WOrked');
    });
    });
    })(jQuery);
  </script>
</body>
</html>